Terms of Use

Spark API Authentication

If you are not sure which authentication method to use, please read the Overview page.
The Spark API authentication procedure is as follows:

The developer API key is signed and sent to the authentication service over SSL.

The authentication service responds with a session token.

Each subsequent request to the API must include a token and be properly signed.

Session tokens are good for a maximum of 24 hours, and have an idle timeout of 1 hour. After the session token has expired, authentication must occur again. Only one session token may be active for any single API key at one time.
Authentication is designed to require the use of a proxy service to avoid exposing the shared secret in a user’s browser.

Notes

Requests to the /session service must be made using HTTPS, but requests to other services may be made with HTTP or HTTPS.

[service_path] is the path to the service being requested. For example, if the request is to https://sparkapi.com/v1/contacts, the service path will be /v1/contacts.

[token] is your session token, returned from a successful authentication request

[param1]...[paramN] are all parameters sent with the request, in alphabetical order first by parameter name and then by parameter value. AuthToken will always be included in this parameter list for authenticated requests.

[POST data] If a POST request is made, the JSON data must be appended to the end of the string to sign.

Expiration of tokens (Spark API auth only)

Tokens have a maximum life of 1 day (24 hours). The token will also expire if more than 60 minutes pass since the last request.
When a session expires, an HTTP 401 status code will be returned on any request to the API with the following payload: